473,320 Members | 1,982 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

FormsAuthentication Cookie Q

When you call FormsAuthentication.SignOut(), is the FormsAuthentication
cookie supposed to be destroyed automatically?

I'm creating my FormsAuthentication cookie by doing:
HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

where sTicket is an encrypted FormsAuthenticationTicket. When I create the
FormsAuthenticationTicket, I set its isPersistent property to false.

I set the Expires property of my cookie to now + 2 hours.

When I log out and call FormsAuthentication.SignOut(), my
FormsAuthentication cookie is still sitting there in my cookies folder, even
if I do:

Response.Cookies.Remove(FormsAuthentication.FormsC ookieName);
Nov 17 '05 #1
2 4737
Dear insomiacs, I noticed something weird.

FormsAuthenticationTicket oAuthTicket = new FormsAuthenticationTicket(1,
sUserName, DateTime.Now, DateTime.Now.AddHours(4)false, sGroups);

// Encrypt the FormsAuthenticationTicket

string sTicket = FormsAuthentication.Encrypt(oAuthTicket);

// Create the auth cookie for the User

HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

// oCookie.Expires = DateTime.Now.AddHours(4);

I noticed that when I commented out the last line above (since the
expiration is already set in the oAuthTicket creation, I no longer see the
cookie being created on my hard drive ... weird

"George Durzi" <gdurzi@nospam_hotmail.com> wrote in message
news:O3**************@tk2msftngp13.phx.gbl...
When you call FormsAuthentication.SignOut(), is the FormsAuthentication
cookie supposed to be destroyed automatically?

I'm creating my FormsAuthentication cookie by doing:
HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

where sTicket is an encrypted FormsAuthenticationTicket. When I create the
FormsAuthenticationTicket, I set its isPersistent property to false.

I set the Expires property of my cookie to now + 2 hours.

When I log out and call FormsAuthentication.SignOut(), my
FormsAuthentication cookie is still sitting there in my cookies folder, even if I do:

Response.Cookies.Remove(FormsAuthentication.FormsC ookieName);

Nov 17 '05 #2
Found the workaround. Problem was I needed to destroy the
FormsAuthentication cookie when the user logged out, or closed the browser.
(found out that I couldn't call remove, I had to set the Expires property of
the cookie to a day in the past).

The problem is, Session_End is the only place I can think of to destroy the
cookie when the user closes the browser, but I can't get that to run.

The only think I found that works, is to not manually set the Expires
property of the cookie when first creating it. LEt all that info stay in the
FormsAUthenticationTicket.

enough with all these weirdnesses already :(

"George Durzi" <gdurzi@nospam_hotmail.com> wrote in message
news:uZ*************@TK2MSFTNGP10.phx.gbl...
Dear insomiacs, I noticed something weird.

FormsAuthenticationTicket oAuthTicket = new FormsAuthenticationTicket(1,
sUserName, DateTime.Now, DateTime.Now.AddHours(4)false, sGroups);

// Encrypt the FormsAuthenticationTicket

string sTicket = FormsAuthentication.Encrypt(oAuthTicket);

// Create the auth cookie for the User

HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

// oCookie.Expires = DateTime.Now.AddHours(4);

I noticed that when I commented out the last line above (since the
expiration is already set in the oAuthTicket creation, I no longer see the
cookie being created on my hard drive ... weird

"George Durzi" <gdurzi@nospam_hotmail.com> wrote in message
news:O3**************@tk2msftngp13.phx.gbl...
When you call FormsAuthentication.SignOut(), is the FormsAuthentication
cookie supposed to be destroyed automatically?

I'm creating my FormsAuthentication cookie by doing:
HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

where sTicket is an encrypted FormsAuthenticationTicket. When I create the FormsAuthenticationTicket, I set its isPersistent property to false.

I set the Expires property of my cookie to now + 2 hours.

When I log out and call FormsAuthentication.SignOut(), my
FormsAuthentication cookie is still sitting there in my cookies folder,

even
if I do:

Response.Cookies.Remove(FormsAuthentication.FormsC ookieName);


Nov 17 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: StanD | last post by:
At the end of my login process I am generating my own Persistent FormsAuthentication ticket. I encode this and set a cookie value. I then use Response.Cookies.Add(cookie), and I continue the...
4
by: Jeff B | last post by:
I am having a very perplexing problem with setting the user's roles. I have tried to figure this out for 2 days now. When the user logs in to the site, I retrieve the roles from the database and...
2
by: Grant Merwitz | last post by:
Hi, i am using forms authentication in an ASP.NET project I am setting the Forms authentication cookie by using: FormsAuthentication.RedirectFromLoginPage(UserName.Text, false); Now when i...
4
by: Matthias S. | last post by:
Hi there, I've created an application which is using Forms-based authentification. My Login-Button event handler looks somewhat like this: // validate the input, etc... // sUserName holds now...
1
by: Dean R. Henderson | last post by:
I setup FormsAuthentication on a couple websites where it has been working as expected for a long time. I used this code to setup the same type of authentication on a new website I am working on...
5
by: Åženol Akbulak | last post by:
Hello; I use in my web application FormsAuthentication. Also I use Session state (InProc). When a user logged in, I can read Session parameters. (For example Session). Problem is that, when...
8
by: Bill Henning | last post by:
Another developer and I have noticed that after upgrading to the ASP.NET 2.0 RTM release, when using: FormsAuthentication.SetAuthCookie(userName, true) That the cookie is no longer persisted,...
3
by: Noremac | last post by:
My google skills must be dwindling. I am trying to determine how in ASP.NET 2.0 I can get the ReturnUrl querystring variable in Forms Authentication to contain the absolute url. Just like others...
2
by: rn5a | last post by:
A web.config file has the following code: <configuration> <system.web> <authentication mode="Forms"> <forms name="NETConnectCookie" loginUrl="Login.aspx"> <credentials passwordFormat="SHA1"/>...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.